cat <<EOF >  /etc/sysctl.d/k8s.conf 
net.bridge.bridge-nf-call-ip6tables = 1 
net.bridge.bridge-nf-call-iptables = 1 
net.ipv4.ip_forward = 1
EOF

sudo sysctl --system

安装依赖

apt-get install socat -y

sudo apt-get install -y apt-transport-https ca-certificates curl gpg

安装containerd

官网地址 https://kubernetes.io/zh-cn/docs/setup/production-environment/container-runtimes/#containerd-systemd

sudo apt install -y containerd
# 生成配置文件
mkdir -p /etc/containerd
containerd config default > /etc/containerd/config.toml

修改配置文件

# 替换 containerd 默认的 sand_box 镜像
[plugins."io.containerd.grpc.v1.cri"]
sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.10"
# 设置Cgroup为Systemd
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
SystemdCgroup = true

添加crictl.yaml文件，这样就可以执行crictl 命令

cat<<EOF | sudo tee /etc/crictl.yaml
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 5
debug: false
pull-image-on-create: false
EOF

重新加载配置文件，并重启containerd

systemctl daemon-reload
systemctl enable containerd
systemctl restart containerd
systemctl status containerd

添加k8s的源

curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.33/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.33/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list

apt update

查看下kubelet kubeadm kubectl 有哪些版本

apt list kubelet kubeadm kubectl 

安装对应的版本

apt-get install kubelet=1.33.3-1.1 kubeadm=1.33.3-1.1 kubectl=1.33.3-1.1 -y

apt-get install kubelet=1.33.3-1.1 kubeadm=1.33.3-1.1 kubectl=1.33.3-1.1 -y

锁定版本，避免错误升级

sudo apt-mark hold kubelet kubeadm kubectl

设置 master的 hosts

echo "172.19.182.213    kube.apiserver.cluster" | sudo tee -a /etc/hosts

到这里，基础环境配置就算完成了。其他的节点按照以上步骤执行就好。或者，将当前系统做成镜像，其他节点直接使用。

配置集群

查看Kubeadm需要的镜像

kubeadm config images list

可以看到依赖的镜像，如果有需要可以先拉倒本地，再上传到镜像仓库。

创建集群

kubeadm init --kubernetes-version=1.33.3 \
--control-plane-endpoint=kube.apiserver.cluster:6443 \
--image-repository=registry.aliyuncs.com/google_containers  \
--pod-network-cidr=192.168.0.0/16

如果是用calico --pod-network-cidr=192.168.0.0/16 就这么设置就可以了。

执行成功之后，可以看到如下内容。里面包含了加入集群的命令，在子节点执行即可。

节点上执行加入命令之后，执行 kubectl get nodes，可以看到如下内容。之所以两个STATUS都是NotReady，是因为没有安装网络插件。

kubectl apply -f https://ms-source.oss-cn-shanghai.aliyuncs.com/calico/3.30.2/calico-v3.30.2.yaml

kubectl get pods --all-namespaces

curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | sudo tee /usr/share/keyrings/helm.gpg > /dev/null
sudo apt-get install apt-transport-https --yes
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list
sudo apt-get update
sudo apt-get install helm

kubectl label node k8s-node-1 ingress=ingress-nginx

helm upgrade --install  --namespace kube-system --create-namespace \
--set controller.image.registry=registry.cn-shanghai.aliyuncs.com/ms_google_containers \
--set controller.image.image=ingress-nginx.controller \
--set controller.image.digest=sha256:2762f58c736a94271f41cdc31e9b1dd7928442ddf5a7c9c2fabebd594cc4b679 \
--set controller.hostNetwork=true \
--set controller.service.enabled=true \
--set controller.admissionWebhooks.patch.image.registry=registry.cn-shanghai.aliyuncs.com/ms_google_containers \
--set controller.admissionWebhooks.patch.image.image=ingress-nginx.kube-webhook-certgen \
--set controller.admissionWebhooks.patch.image.digest=sha256:7571808f58767010abcfdf74fef1220768ce297d315be51c4f070c599b8133bd \
--set controller.service.type=NodePort \
--set controller.nodeSelector.ingress=ingress-nginx \
--set defaultBackend.enabled=true \
--set defaultBackend.image.registry=registry.cn-shanghai.aliyuncs.com/ms_google_containers \
--repo https://kubernetes.github.io/ingress-nginx \
ingress-nginx ingress-nginx --version 4.13.0